For 40 million Target customers, the Ho! Ho! Ho! of the holiday shopping season has turned to "uh-oh," and we've got some guidance if you're one of them.

The popular discount retailer confirmed Thursday that's how many people may have had their credit or debit card information accessed by crooks at the retailers' U.S. stores from Nov. 27 to Dec. 15, one of the busiest shopping periods of the year. The Target data breach -- which is under investigation by the Secret Service -- is among the biggest on record.

The company hasn't said how it happened, but the incident could pose serious problems for the customers whose names, card numbers and card security codes were exposed. Online shoppers were not affected.

This Thursday, Dec. 19, 2013 photo shows a Target retail chain logo on the exterior of a Target store in Watertown, Mass. Target says that about 40 million credit and debit card accounts may have been affected by a data breach that occurred just as the holiday shopping season shifted into high gear. (AP Photo/Steven Senne)
(
Steven Senne
)

Q: I shopped at Target when this happened. What should I do?

A: Immediately check your card statements for suspicious transactions and report them to the card issuer as quickly as possible. It's important to watch for even small transactions that appear suspicious, said Eric Chiu, president of security firm HyTrust. That's because after accessing a card's account information, he noted, "attackers may sometimes test the waters to make sure its a valid account before making a big transaction."

Q: Can the card issuer let me know if they spot suspicious transactions on my card?

A: Many of them will, according to J.D. Sherry, of the security firm Trend Micro. If you ask, they will text message you on your mobile devices about transactions that are unusually large, originate from foreign locations or that you otherwise specify as worrisome.

Q: Should I change the personal identification number on my debit card, if I used the card at Target during the period of the breach?

A: Chiu and Sherry both said yes. Otherwise, if crooks get access to the PIN, they could use that along with a fake debit card they create to steal your money from an automatic teller machine.

Q: What should I do if I've suffered fraudulent charges as a result of the breach?

A: Target says to report it immediately to your financial institutions. You can also send a letter about the problems to whatever address the card issuer provides for billing errors. You also can contact police and the Federal Trade Commission if you fear you're a victim of identity theft. You can contact the FTC at 877-438-4338 or write the agency at Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Ave. NW, Washington, D.C. 20580.

Q: What financial risk do I face if the crooks have stolen my card number to make fraudulent charges?

A: With credit cards, "you are not liable for unauthorized use," according to the FTC. With debit cards -- which are covered under a different federal law — the agency notes that "you are not liable for those transactions if you report them within 60 days of your statement being sent to you." Different rules apply if the cards themselves are stolen.

Q: How can I find out if my credit rating is affected by a fraudulent charge due to the breach?

A: You can ask to see your credit report from one of these credit reporting agencies: Equifax at 800-525-6285, Experian at 888-397-3742 or TransUnion at 800-680-7289.

FILE - In this Jan. 18, 2008 file photo, a customer signs his credit card receipt at a Target store in Tallahassee, Fla. Target says that about 40 million credit and debit card accounts customers may have been affected by a data breach that occurred at its U.S. stores between Nov. 27, 2013, and Dec. 15, 2013. (AP Photo/Phil Coale, File)
(
Phil Coale
)

Q: If I find my credit rating has been affected by a fraudulent charge, what can I do about that?

A: You can ask one of the agencies to delete the charge from your credit file. Whichever agency you call is required by law to notify the others. You also can ask them to add a 90-day fraud alert to your file, which warns lenders to be especially wary of requests to increase the credit limit on an existing account or to obtain a new card on that account.